It's probably not working because of the wildcard roles and you spotted a
bug on our side. We have a shortcut in the Spring Boot config where we
collect the auth-constraints roles for each security constraint to generate
the <security-role/> "list". In auth-constraints a wildcard is allowed but
not in security-role.
Could you open a ticket for this?
Sebi
On Tue, Oct 31, 2017 at 3:27 PM, Niels Bertram <nielsbne(a)gmail.com> wrote:
Hi Meissa, indeed this one would probably work. It is not using bearer
only mode (like a REST based micro service would) and it does only use
fixed role names. My example uses the wildcard role restriction which in
the olden days of JSPs meant any role as long as authenticated. Strange
that there are no examples out there. Thanks for taking notice. Kind
Regards, Niels
On Wed, Nov 1, 2017 at 12:15 AM, Meissa M'baye Sakho <msakho(a)redhat.com> wrote:
> Niels,
> I've tried the example below and it works fine.
> http://blog.keycloak.org/2017/05/easily-secure-your-spring-boot.html
> Although it's not using CXF.
> Meissa
>
> On Tue, Oct 31, 2017 at 1:25 PM, Niels Bertram <nielsbne(a)gmail.com> wrote:
>
>> Hi Keycloak Users,
>>
>> I tried to configure a dead simple Spring Boot CXF REST endpoint with
>> Keycloak Spring Boot Adapter in Bearer Only mode without any luck. It
>> appears the Keycloak Tomcat Valve fails authorization even before the
>> keycloak adapter ever gets a chance to parse the Bearer token and set up
>> the session. I would have thought that with AutoConfig it would just be
>> that ... auto config. I added the below keycloak adapter configuration to
>> the application.yml file and made sure all required jars are on the
>> classpath.
>>
>> Does anyone have any suggestions or a link to a working example that
>> shows how to use Spring Boot with Keycloak *AND* CXF?
>>
>> Many thanks, Niels
>>
>> Example:
>>
>> https://github.com/bertramn/keycloak-secured-rest-endpoint
>>
>> application.yml configuration:
>>
>> keycloak:
>>   realm: demo
>>   authServerUrl: 'http://localhost:8080/auth'
>>   realmKey: 'MIIBIjANBgDAQAB'
>>   sslRequired: external
>>   resource: test-client
>>   bearerOnly: true
>>   securityConstraints:
>>     - authRoles: [ '*' ]
>>       securityCollections:
>>         - name: authed
>>           patterns: [ '/v1/secured' ]
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
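
A simplified model of the role collection described in the first reply, added here as an example and not taken from the Keycloak adapter: it shows the wildcard landing in the generated security-role list, an assumed correction that leaves it out, and a check for URL patterns whose constraint depends on the wildcard. The Constraint record, the method names and the second constraint are hypothetical; Java 16 or later is assumed for records.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;

// Simplified model of the behaviour described in the reply; not Keycloak adapter code.
public class WildcardRoleCheck {
    // Hypothetical stand-in for one entry under keycloak.securityConstraints.
    record Constraint(List<String> authRoles, List<String> patterns) {}

    // The shortcut as described: every auth-constraint role is copied into the
    // <security-role/> list, so a wildcard ends up there as a literal role name.
    static Set<String> securityRolesAsDescribed(List<Constraint> constraints) {
        return constraints.stream()
                .flatMap(c -> c.authRoles().stream())
                .collect(Collectors.toCollection(TreeSet::new));
    }

    // Assumed correction: the wildcard is valid in an auth-constraint only,
    // so it is left out when the <security-role/> list is built.
    static Set<String> securityRolesWithoutWildcard(List<Constraint> constraints) {
        return constraints.stream()
                .flatMap(c -> c.authRoles().stream())
                .filter(role -> !"*".equals(role))
                .collect(Collectors.toCollection(TreeSet::new));
    }

    // Configuration check: URL patterns whose constraint relies on the wildcard.
    static List<String> patternsUsingWildcard(List<Constraint> constraints) {
        return constraints.stream()
                .filter(c -> c.authRoles().contains("*"))
                .flatMap(c -> c.patterns().stream())
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed input: the constraint from the posted application.yml plus
        // a fixed-role constraint ("user" and "/v1/other" are made up).
        List<Constraint> constraints = List.of(
                new Constraint(List.of("*"), List.of("/v1/secured")),
                new Constraint(List.of("user"), List.of("/v1/other")));
        System.out.println("as described:     " + securityRolesAsDescribed(constraints));
        System.out.println("wildcard removed: " + securityRolesWithoutWildcard(constraints));
        System.out.println("affected paths:   " + patternsUsingWildcard(constraints));
    }
}
```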